CN113221171A - Encrypted file reading and writing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN113221171A
Authority: CN (China)
Prior art keywords: file; encrypted file; plaintext information; target encrypted; file system
Legal status: Pending
Application number: CN202110557874.7A
Other languages: Chinese (zh)
Inventors: 侯良伟, 李卫明
Current Assignee: Hangzhou Flk Information Safety Technology Co ltd
Original Assignee: Hangzhou Flk Information Safety Technology Co ltd

Events:
Application filed by Hangzhou Flk Information Safety Technology Co ltd
Priority to CN202110557874.7A
Publication of CN113221171A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60: Protecting data
    • G06F 21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21: Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107: File encryption

Abstract

The application discloses an encrypted file reading and writing method, an encrypted file reading and writing device, electronic equipment and a storage medium, wherein the method comprises the following steps: when a main application starts a request for reading a target encrypted file, a file system in a kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to a physical disk; acquiring the target encrypted file from the physical disk, and decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information; and copying the plaintext information to a user space memory where the main application is located so that the main application reads and writes the plaintext information. According to the method, the target encrypted file is encrypted and decrypted at the driver layer, so that the plaintext information can be read without changing application software, the target encrypted file is always in an encrypted state in the file system, the security and confidentiality of the file are guaranteed, and the application layer, namely the main application, can read the required file transparently, without affecting the user's use.

Description

Encrypted file reading and writing method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of file security technologies, and in particular, to an encrypted file read-write method and apparatus, an electronic device, and a storage medium.
Background
At present, many enterprises and government organizations encrypt files because important files may be leaked, unintentionally or intentionally, by being copied during use, or stolen directly by hackers. Encryption, however, may make application software unable to use the files: for example, an encrypted document opened by a Word program cannot be viewed or edited by the user, which affects the user's use.
Disclosure of Invention
The application aims to provide an encrypted file reading and writing method, an encrypted file reading and writing device, electronic equipment and a storage medium, a target encrypted file can be encrypted and decrypted on a drive layer, clear text information can be read without changing application software, the target encrypted file is always in an encrypted state in a file system, the security and confidentiality of the file are guaranteed, and the application layer, namely a main application, can read a required file without perception and does not influence the use of a user. The specific scheme is as follows:
In a first aspect, the present application discloses an encrypted file read-write method, including:
when a main application starts a request for reading a target encrypted file, a file system in a kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to a physical disk;
acquiring the target encrypted file from the physical disk, and decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information;
and copying the plaintext information to a user space memory where the main application is located so that the main application reads and writes the plaintext information.
Optionally, before initiating a hardware interrupt by the file system in the kernel space and sending an acquisition request of the target encrypted file to the physical disk, the method further includes:
the file system checks whether plaintext information corresponding to the target encrypted file is stored in memory management;
if not, generating a page fault interrupt, and executing the step in which the file system in the kernel space initiates a hardware interrupt and sends the acquisition request for the target encrypted file to the physical disk.
Optionally, the decrypting the target encrypted file by using the file filter driver in the file system to generate plaintext information includes:
and the file filter driver in the file system determines the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file, and generates the plaintext information.
Optionally, after copying the plaintext information to a user space memory where the primary application is located, so that the primary application reads and writes the plaintext information, the method further includes:
when the main application edits the plaintext information and sends the edited plaintext information to a file system, a file filter driver in the file system encrypts the edited plaintext information to obtain ciphertext information, so that the file system writes the ciphertext information into the physical disk.
Optionally, before the file system in the kernel space initiates a hardware interrupt, the method further includes:
judging whether the main application is authorized by a drive communication SDK to read and write the target encrypted file;
and if so, executing the step that the file system in the kernel space initiates hardware interrupt.
In a second aspect, the present application discloses an encrypted file read-write apparatus, including:
a sending module, configured to have the file system in the kernel space initiate a hardware interrupt when the main application starts a request for reading the target encrypted file, and to send an acquisition request for the target encrypted file to the physical disk;
the decryption module is used for acquiring the target encrypted file from the physical disk, decrypting the target encrypted file by using a file filter driver in the file system and generating plaintext information;
and the copying module is used for copying the plaintext information to a user space memory where the main application is located so that the main application can read and write the plaintext information.
Optionally, the apparatus further includes:
the checking module is used for checking whether plaintext information corresponding to the target encrypted file is stored in memory management or not by the file system;
and a page fault interrupt module, configured to generate a page fault interrupt if not, and to execute the step in which the file system in the kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to the physical disk.
Optionally, the decryption module includes:
and the generating unit is used for determining the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file by the file filtering driver in the file system, and generating the plaintext information.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the encrypted file reading and writing method when executing the computer program.
In a fourth aspect, the present application discloses a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above-mentioned encrypted file reading and writing method.
The application provides an encrypted file reading and writing method, which comprises the following steps: when a main application starts a request for reading a target encrypted file, a file system in a kernel space initiates hardware interruption and sends an acquisition request of the target encrypted file to a physical disk; acquiring the target encrypted file from the physical disk, and decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information; and copying the plaintext information to a user space memory where the main application is located so that the main application reads and writes the plaintext information.
The method comprises the steps that a target encrypted file is decrypted through a file filtering driver, namely the target encrypted file is decrypted on a driver layer, and then decrypted plaintext information is copied to a user space memory where a main application is located, so that the main application can read and write the plaintext information; according to the method and the device, the object encrypted file is encrypted and decrypted on the driving layer, the plain text information can be read without changing application software, the object encrypted file is always in an encrypted state in a file system, the security and confidentiality of the file are guaranteed, the application layer, namely, a main application, can read the required file without perception, the use of a user is not influenced, and the defects that the use of the user is influenced due to the fact that the application software is unavailable after the file is encrypted in the related technology are overcome. The application also provides an encrypted file read-write device, an electronic device and a computer readable storage medium, which have the beneficial effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an encrypted file read-write method according to an embodiment of the present application;
fig. 2 is a schematic diagram of an internal framework of a user space and a kernel space in a device in which a host application is located according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an encrypted file read/write apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In many enterprises and government entities, important or confidential documents may be leaked during use, whether by being copied inadvertently or intentionally, or by hacking. To solve this problem, files are usually encrypted, but encryption may result in the unavailability of application software such as Word programs. Based on the above technical problem, this embodiment provides an encrypted file read-write method, which not only ensures the security and confidentiality of a file, but also does not affect the user's use of the application layer, i.e., the main application, which can read the required file transparently. Refer to fig. 1 specifically, where fig. 1 is a flowchart of an encrypted file read-write method provided by this embodiment, and specifically includes:
S101, when a main application starts a request for reading a target encrypted file, a file system in a kernel space initiates a hardware interrupt, and sends an acquisition request for the target encrypted file to a physical disk.
The execution subject of this embodiment is the device where the main application is located, and specifically, the file system of the device's kernel space. It will be appreciated that the role of the file system in the kernel space is to enable interaction with storage media and other resources on the system. The embodiment does not limit the specific main application, which may be WeChat, DingTalk, or another application. The embodiment also does not limit the specific content of the target encrypted file, which may be a WPS document, an Excel document, or other content. In this embodiment, when the main application starts a request for reading the target encrypted file, the file system in the kernel space initiates a hardware interrupt and requests the target encrypted file from the physical disk. It can be understood that the target encrypted file is stored on the physical disk, and the file system needs to acquire the target encrypted file from the physical disk and hold it in the file system.
In a specific embodiment, in order to improve the read-write efficiency of the target encrypted file, before initiating a hardware interrupt by a file system in a kernel space and sending an acquisition request of the target encrypted file to a physical disk, the method may further include:
the file system checks whether plaintext information corresponding to the target encrypted file is stored in the memory management;
if not, generating a page fault interrupt, and executing the step in which the file system in the kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to the physical disk.
That is, in this embodiment, before initiating a hardware interrupt and sending a request for acquiring the target encrypted file to the physical disk, the file system checks whether plaintext information corresponding to the target encrypted file is stored in memory management, and sends the request to the physical disk only when there is no corresponding plaintext information in memory management. This avoids fetching the target encrypted file from the physical disk when its plaintext information is already held in memory management, improves the reading and writing efficiency of the target encrypted file, and saves the resources used for data interaction. The embodiment does not limit the specific process by which the file system checks whether the plaintext information corresponding to the target encrypted file is stored in memory management. If the device where the main application is located only includes an independent memory module, only memory management is checked for the plaintext information corresponding to the target encrypted file. If the device where the main application is located is also provided with a cache module, then in this embodiment, when memory management is found not to contain the plaintext information corresponding to the target encrypted file, memory management may further check whether that plaintext information is stored in cache management, and if cache management does not contain it either, the step in which the file system in the kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to the physical disk is executed.
Therefore, when the device where the main application is located only comprises a memory module, a page fault interrupt is generated when memory management is checked and found not to contain the plaintext information corresponding to the target encrypted file; it can be understood that a page fault interrupt means that the page to be accessed is not in main memory, and the page needs to be brought into main memory by the operating system before it can be accessed. Correspondingly, if a cache module is also present in the device where the main application is located, and neither memory management nor cache management is found to contain the plaintext information corresponding to the target encrypted file, cache management generates a page fault interrupt, and the file system in the kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to the physical disk.
Further, in order to effectively increase the security of the file, before the file system in the kernel space initiates a hardware interrupt, the method may further include:
judging whether the main application is authorized by the drive communication SDK to read and write the target encrypted file;
and if so, executing the step that the file system in the kernel space initiates hardware interrupt.
That is, in this embodiment, before the file system initiates the hardware interrupt, it is further required to determine whether the main application is authorized by the driver communication software development kit (SDK), and the subsequent steps are executed only when the main application is authorized. For example, when only WeChat or DingTalk on the device is authorized to read the target encrypted file, QQ, lacking authorization, cannot read the plaintext information corresponding to the target encrypted file, and the subsequent operations are not performed. This effectively improves the security of the file and prevents file information from being leaked through reads by unauthorized application software.
S102, acquiring a target encrypted file from the physical disk, and decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information.
In this embodiment, after the target encrypted file is acquired from the physical disk, the target encrypted file is decrypted by using the file filter driver in the file system. It can be understood that, because the file filtering driver is in the driver level, more details of the system can be controlled, the association degree with the application program is very small, all the application programs can be compatible, and the dynamic encryption and decryption processing is facilitated by using the file filtering driver. The present embodiment does not limit the specific content of the plaintext information, and depends on the target encrypted file.
The embodiment does not limit the specific process of decrypting the target encrypted file by the file filter driver. In a specific embodiment, decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information may include:
and the file filter driver in the file system determines the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file to generate plaintext information.
The embodiment does not limit the specific content of the ciphertext information, and may include a file header offset, a ciphertext block size, a current file reading offset, and a data length to be read. It can be understood that information such as an encryption algorithm and the like can be stored in the file header offset, for example, if the current ciphertext contains 10 bytes, then 3 bytes contained in the file header are information such as the encryption algorithm and the like; the present embodiment does not limit the specific ciphertext block size, and may be 512 bytes, for example; taking an example that a file header is 3 bytes, the current file pointer offset can be understood as that if the 0 th byte of an actual file is to be read, if the file is an encrypted file, the file needs to be read from the 3 rd byte; the embodiment also does not limit the specific size of the data length to be read, and the corresponding parameters can be set according to the actual situation. It can be understood that the read offset and the new read length of the decrypted file can be calculated according to the ciphertext information to realize the decryption process and obtain plaintext information.
S103, copying the plaintext information to a user space memory where the main application is located, so that the main application reads and writes the plaintext information.
In this embodiment, after the file filter driver in the file system decrypts the target encrypted file to obtain the plaintext information, the file system needs to copy the obtained plaintext information to the user space memory where the primary application is located, and the primary application can read the plaintext information from the user space memory.
It can be understood that, in order to ensure the security and confidentiality of the file, after the main application layer edits the file, the edited file needs to be written into a physical disk, and plaintext data needs to be encrypted at the drive layer without sensing. In a specific embodiment, in order to ensure security and confidentiality of a file, after copying plaintext information to a user space memory where a host application is located and reading and writing the plaintext information by the host application, the method may further include:
when the main application edits the plaintext information and sends the edited plaintext information to the file system, the file filter driver in the file system encrypts the edited plaintext information to obtain ciphertext information, so that the file system writes the ciphertext information into the physical disk.
In this embodiment, after the plaintext information is edited, in order to ensure the security of the file, the edited plaintext information needs to be encrypted by using the file filter driver without sensing in the driver layer. It can be understood that, in the embodiment, the file filtering driver is used in the driver layer to encrypt and decrypt the file, so that even if the file is copied to other storage media by a user, the content of the file is the ciphertext, thereby preventing the leakage of important sensitive files.
Based on the technical scheme, the plain text information can be read by encrypting and decrypting the target encrypted file on the driver layer without changing application software, the target encrypted file is always in an encrypted state in a file system, the security and confidentiality of the file are guaranteed, the application layer, namely the main application, can read the required file without perception, the use of a user is not influenced, and the defects that the use of the user is influenced due to the fact that the application software is unavailable after the file is encrypted in the related technology are overcome.
Fig. 2 is a schematic diagram of an internal framework of a user space and a kernel space in a device in which a host application is located according to this embodiment. The main application and the file system part corresponding to the embodiment of the application are implementation parts in the architecture, and are respectively located in a user space and a kernel space. It should be noted that this embodiment is a method for reading and writing encrypted files provided in a Windows system. The protected file, namely the encrypted file, is decrypted or encrypted on the windows driver layer, application software is not changed, the application software can read plaintext content or encrypt the plaintext after editing and then write the plaintext content into the file, and the file is always in an encrypted state in a file system.
1. An application in the user space issues a read of a file (i.e. the target encrypted file) to the file system of the kernel space;
2. the file system checks whether needed data, namely plaintext information corresponding to the target encrypted file, exists in the memory management;
3. the memory management checks whether needed data exist to the cache management;
4. the cache management generates a page fault interrupt, and the file filter driver determines a new file reading offset and reading length for the decrypted file according to the file header offset, the current file reading offset, the data length to be read and the ciphertext block size;
5. the file system initiates hardware interruption according to the new file reading offset and the new data length to be read, reads the data in the physical disk, and sends an acquisition request of a target encrypted file to the physical disk;
6. the file system acquires ciphertext data, namely an encrypted target encryption file;
7. the file filtering driver decrypts the data, namely, the target encrypted file;
8. the plaintext information of the read length obtained by the file filtering driver decryption is copied to a user space memory;
9. the user space application, i.e. the main application, can directly read the cached data in the user space memory, i.e. the plaintext information corresponding to the target encrypted file.
In the above embodiment, information such as the file header identifier, the algorithm and the plaintext length is added to the ciphertext file, i.e. the target encrypted file. Because the scheme is transparent to the application, it does not depend on customizing the application to prevent file leakage, which is almost impossible for mainstream applications such as Office and WPS. The file filter driver is used to realize file protection: application software can read plaintext data and store it as a ciphertext file without sensing, and only after authorization. The method is compatible with mainstream common application software, which can perform read-write operations as usual.
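The offset translation of step 4 and the read path of steps 4 to 8 above, as an added model that is not the patent's code: a protected file is a header followed by fixed-size ciphertext blocks, a plaintext read (offset, length) is mapped to a block-aligned ciphertext range before decryption, and a write re-encrypts only the touched blocks. The 12-byte header layout (magic, algorithm id, plaintext length), the HMAC-based per-block keystream, the key, and the authorized-application list are all constructed for this example; the patent names none of them.

```python
"""Added model of the filter-driver read/write path; header format, cipher
stand-in, key and app allow-list are constructed, not from the patent."""
import hmac
import hashlib
import struct

MAGIC = b"FLK"                    # constructed 3-byte header identifier
ALG_ID = 1                        # constructed algorithm identifier byte
HEADER = struct.Struct(">3sBQ")   # magic, algorithm id, plaintext length
HEADER_LEN = HEADER.size          # 12 bytes
BLOCK_SIZE = 512                  # the page's example ciphertext block size
AUTHORIZED_APPS = {"WeChat", "DingTalk"}   # the page's authorization example


def _keystream(key: bytes, block_index: int) -> bytes:
    """Per-block keystream from HMAC-SHA256 over (block index, chunk counter).
    Stand-in for the driver's cipher: each block decrypts independently, which
    is what lets a partial read fetch only the blocks it needs. Caveat: XORing a
    fixed per-block keystream is reused on rewrite (two-time pad); a real design
    needs a per-write IV/tweak and authentication, not shown here."""
    return b"".join(
        hmac.new(key, struct.pack(">QI", block_index, j), hashlib.sha256).digest()
        for j in range(BLOCK_SIZE // 32))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _crypt_blocks(key: bytes, data: bytes, first_block: int) -> bytes:
    """Encrypt or decrypt whole blocks starting at block index first_block."""
    return b"".join(_xor(data[i:i + BLOCK_SIZE], _keystream(key, first_block + i // BLOCK_SIZE))
                    for i in range(0, len(data), BLOCK_SIZE))


def _check_authorized(app: str) -> None:
    """Step before the hardware interrupt: only SDK-authorized apps proceed."""
    if app not in AUTHORIZED_APPS:
        raise PermissionError(f"{app} is not authorized to read protected files")


def translate_read(plain_off: int, plain_len: int, plain_total: int):
    """Map a plaintext read to (cipher_off, cipher_len, skip): the block-aligned
    ciphertext range to fetch from disk and how many leading decrypted bytes to
    drop. Mirrors the page's example of 'read plaintext byte 0 => start the disk
    read after the header', with a 12-byte header instead of 3."""
    if plain_off >= plain_total or plain_len <= 0:
        return HEADER_LEN, 0, 0
    plain_len = min(plain_len, plain_total - plain_off)
    first_block = plain_off // BLOCK_SIZE
    last_block = (plain_off + plain_len - 1) // BLOCK_SIZE
    return (HEADER_LEN + first_block * BLOCK_SIZE,
            (last_block - first_block + 1) * BLOCK_SIZE,
            plain_off % BLOCK_SIZE)


def encrypt_file(key: bytes, plaintext: bytes) -> bytes:
    """On-disk form: header + zero-padded ciphertext blocks."""
    n_blocks = -(-len(plaintext) // BLOCK_SIZE)
    padded = plaintext.ljust(n_blocks * BLOCK_SIZE, b"\0")
    return HEADER.pack(MAGIC, ALG_ID, len(plaintext)) + _crypt_blocks(key, padded, 0)


def _parse_header(disk: bytes) -> int:
    magic, alg, plain_total = HEADER.unpack_from(disk, 0)
    if magic != MAGIC or alg != ALG_ID:
        raise ValueError("not a protected file or unknown algorithm")
    return plain_total


def filter_read(key: bytes, disk: bytes, plain_off: int, plain_len: int, app: str) -> bytes:
    """Authorize, parse the header, translate offsets, fetch only the needed
    ciphertext blocks (the 'hardware read'), decrypt, return the requested slice."""
    _check_authorized(app)
    plain_total = _parse_header(disk)
    cipher_off, cipher_len, skip = translate_read(plain_off, plain_len, plain_total)
    if cipher_len == 0:
        return b""
    chunk = disk[cipher_off:cipher_off + cipher_len]
    plain = _crypt_blocks(key, chunk, (cipher_off - HEADER_LEN) // BLOCK_SIZE)
    return plain[skip:skip + min(plain_len, plain_total - plain_off)]


def filter_write(key: bytes, disk: bytes, plain_off: int, data: bytes, app: str) -> bytes:
    """Write-back path: the app hands back edited plaintext; the driver decrypts
    the touched block range, patches it, re-encrypts it and updates the header,
    so only ciphertext ever reaches the disk. Appends are allowed, gaps are not."""
    _check_authorized(app)
    plain_total = _parse_header(disk)
    if not data or plain_off > plain_total:
        raise ValueError("empty write or write would leave a gap")
    first_block = plain_off // BLOCK_SIZE
    span_off = first_block * BLOCK_SIZE
    span_len = ((plain_off + len(data) - 1) // BLOCK_SIZE - first_block + 1) * BLOCK_SIZE
    span = bytearray(filter_read(key, disk, span_off, span_len, app).ljust(span_len, b"\0"))
    span[plain_off - span_off:plain_off - span_off + len(data)] = data
    c_start = HEADER_LEN + span_off
    return (HEADER.pack(MAGIC, ALG_ID, max(plain_total, plain_off + len(data)))
            + disk[HEADER_LEN:c_start]
            + _crypt_blocks(key, bytes(span), first_block)
            + disk[c_start + span_len:])
```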
Based on the technical scheme, the protected file, namely the target encrypted file, is decrypted or encrypted at the driver layer, the application software is not changed, the application software can read the plaintext content or write the encrypted plaintext content into the file system after editing, and the file is always in an encrypted state in the file system. In order to ensure the security and the confidentiality of the file, any application software can not read, only authorized application software can have the authority to read the plaintext information, the security and the confidentiality of the file are ensured, and the application layer, namely the main application, can read the required file without perception, and does not influence the use of a user.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an encrypted file read/write apparatus provided in an embodiment of the present application. The encrypted file read/write apparatus described below and the encrypted file read/write method described above may be referred to correspondingly, and both are disposed in the same device. The apparatus includes:
In some specific embodiments, the apparatus specifically includes:
a sending module 301, configured to initiate a hardware interrupt by a file system in a kernel space when a main application starts a request for reading a target encrypted file, and send an acquisition request of the target encrypted file to a physical disk;
the decryption module 302 is configured to obtain a target encrypted file from a physical disk, and decrypt the target encrypted file by using a file filter driver in a file system to generate plaintext information;
the copying module 303 is configured to copy the plaintext information to a user space memory where the primary application is located, so that the primary application reads and writes the plaintext information.
In some specific embodiments, the apparatus further comprises:
the checking module is used for checking whether plaintext information corresponding to the target encrypted file is stored in the memory management or not by the file system;
and a page fault interrupt module, configured to generate a page fault interrupt if not, and to execute the steps in which the file system in the kernel space initiates a hardware interrupt and sends an acquisition request for the target encrypted file to the physical disk.
In some specific embodiments, the decryption module 302 includes:
and the generating unit is used for determining the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file by the file filtering driver in the file system, and generating plaintext information.
In some specific embodiments, the apparatus further comprises:
an encryption module, configured so that, when the main application edits the plaintext information and sends the edited plaintext information to the file system, the file filter driver in the file system encrypts the edited plaintext information to obtain ciphertext information, so that the file system writes the ciphertext information into the physical disk.
In some specific embodiments, the apparatus further comprises:
a judging module, configured to judge whether the main application is authorized by the driver communication SDK to read and write the target encrypted file.
Since the embodiment of the encrypted file reading and writing apparatus portion corresponds to the embodiment of the encrypted file reading and writing method portion, reference is made to the description of the embodiment of the encrypted file reading and writing method portion for the embodiment of the encrypted file reading and writing apparatus portion, and details are not described here for the moment.
In the following, an electronic device provided by an embodiment of the present application is introduced, and the electronic device described below and the encrypted file reading and writing method described above may be referred to correspondingly.
The application also discloses an electronic device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the encrypted file reading and writing method when executing the computer program.
Since the embodiment of the electronic device portion and the embodiment of the encrypted file reading and writing method portion correspond to each other, please refer to the description of the encrypted file reading and writing method embodiment for the electronic device embodiment, which is not repeated here.
In the following, a computer-readable storage medium provided by an embodiment of the present application is introduced, and the computer-readable storage medium described below and the encrypted file reading and writing method described above may be referred to correspondingly.
The application also discloses a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the above encrypted file reading and writing method are realized.
Since the embodiment of the computer-readable storage medium portion and the embodiment of the encrypted file reading and writing method portion correspond to each other, for the embodiment of the computer-readable storage medium portion, reference is made to the description of the embodiment of the encrypted file reading and writing method portion, and details are not repeated here.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The detailed description is given above of an encrypted file read-write method, an encrypted file read-write device, an electronic device, and a computer-readable storage medium provided by the present application. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. An encrypted file read-write method is characterized by comprising the following steps:
when a main application starts a request for reading a target encrypted file, a file system in a kernel space initiates hardware interruption and sends an acquisition request of the target encrypted file to a physical disk;
acquiring the target encrypted file from the physical disk, and decrypting the target encrypted file by using a file filter driver in the file system to generate plaintext information;
and copying the plaintext information to a user space memory where the main application is located so that the main application reads and writes the plaintext information.
2. The method according to claim 1, wherein before the file system in the kernel space initiates a hardware interrupt and sends the acquisition request of the target encrypted file to the physical disk, the method further comprises:
the file system checks whether plaintext information corresponding to the target encrypted file is stored in memory management;
if not, generating a page missing interrupt and executing the step in which the file system in the kernel space initiates a hardware interrupt and sends the acquisition request of the target encrypted file to the physical disk.
3. The method for reading and writing the encrypted file according to claim 1, wherein the decrypting the target encrypted file by using the file filter driver in the file system to generate plaintext information comprises:
and the file filter driver in the file system determines the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file, and generates the plaintext information.
4. The method for reading and writing the encrypted file according to any one of claims 1 to 3, wherein after copying the plaintext information to a user space memory where the host application is located, so that the host application reads and writes the plaintext information, the method further comprises:
when the main application edits the plaintext information and sends the edited plaintext information to a file system, a file filter driver in the file system encrypts the edited plaintext information to obtain ciphertext information, so that the file system writes the ciphertext information into the physical disk.
5. The method for reading and writing the encrypted file according to claim 1, before the file system in the kernel space initiates a hardware interrupt, further comprising:
judging whether the main application is authorized by a drive communication SDK to read and write the target encrypted file;
and if so, executing the step that the file system in the kernel space initiates hardware interrupt.
6. An encrypted-file read-write apparatus, comprising:
a sending module, used for initiating a hardware interrupt by a file system in a kernel space when a main application starts a request for reading a target encrypted file, and sending an acquisition request of the target encrypted file to a physical disk;
the decryption module is used for acquiring the target encrypted file from the physical disk, decrypting the target encrypted file by using a file filter driver in the file system and generating plaintext information;
and the copying module is used for copying the plaintext information to a user space memory where the main application is located so that the main application can read and write the plaintext information.
7. The encrypted-file read/write apparatus according to claim 6, further comprising:
the checking module is used for checking whether plaintext information corresponding to the target encrypted file is stored in memory management or not by the file system;
and a page missing interrupt module, used for generating a page missing interrupt if the plaintext information is not stored in memory management, and executing the steps of initiating a hardware interrupt by the file system in the kernel space and sending the acquisition request of the target encrypted file to the physical disk.
8. The encrypted-file read/write apparatus according to claim 6, wherein the decryption module includes:
and the generating unit is used for determining the read offset and the read length of the decrypted file according to the ciphertext information of the target encrypted file by the file filtering driver in the file system, and generating the plaintext information.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for reading and writing the encrypted file according to any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the method for reading and writing an encrypted file according to any one of claims 1 to 5.
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210806